diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2006-11-30 22:24:12 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:54 -0500 |
| commit | 40642f95f5f818579bc4cc3ee084b033e662d5b3 (patch) | |
| tree | 6c510017836a0ff75146a9a4e79ca487ed3f62d5 /net/bridge | |
| parent | bb2ef25c2c62444b8fdb0346a23658a419803df9 (diff) | |
[EBTABLES]: Verify that ebt_entries have zero ->distinguisher.
We need that for iterator to work; existing check had been too weak.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 0dcebf20d6ce..6ab7674ea454 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -417,7 +417,7 @@ ebt_check_entry_size_and_hooks(struct ebt_entry *e, | |||
| 417 | /* beginning of a new chain | 417 | /* beginning of a new chain |
| 418 | if i == NF_BR_NUMHOOKS it must be a user defined chain */ | 418 | if i == NF_BR_NUMHOOKS it must be a user defined chain */ |
| 419 | if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { | 419 | if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { |
| 420 | if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) { | 420 | if (e->bitmask != 0) { |
| 421 | /* we make userspace set this right, | 421 | /* we make userspace set this right, |
| 422 | so there is no misunderstanding */ | 422 | so there is no misunderstanding */ |
| 423 | BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " | 423 | BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " |
| @@ -500,7 +500,7 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 500 | int i; | 500 | int i; |
| 501 | 501 | ||
| 502 | /* we're only interested in chain starts */ | 502 | /* we're only interested in chain starts */ |
| 503 | if (e->bitmask & EBT_ENTRY_OR_ENTRIES) | 503 | if (e->bitmask) |
| 504 | return 0; | 504 | return 0; |
| 505 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | 505 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { |
| 506 | if ((valid_hooks & (1 << i)) == 0) | 506 | if ((valid_hooks & (1 << i)) == 0) |
| @@ -550,7 +550,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) | |||
| 550 | { | 550 | { |
| 551 | struct ebt_entry_target *t; | 551 | struct ebt_entry_target *t; |
| 552 | 552 | ||
| 553 | if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) | 553 | if (e->bitmask == 0) |
| 554 | return 0; | 554 | return 0; |
| 555 | /* we're done */ | 555 | /* we're done */ |
| 556 | if (cnt && (*cnt)-- == 0) | 556 | if (cnt && (*cnt)-- == 0) |
| @@ -576,7 +576,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 576 | int ret; | 576 | int ret; |
| 577 | 577 | ||
| 578 | /* don't mess with the struct ebt_entries */ | 578 | /* don't mess with the struct ebt_entries */ |
| 579 | if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) | 579 | if (e->bitmask == 0) |
| 580 | return 0; | 580 | return 0; |
| 581 | 581 | ||
| 582 | if (e->bitmask & ~EBT_F_MASK) { | 582 | if (e->bitmask & ~EBT_F_MASK) { |
| @@ -1309,7 +1309,7 @@ static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) | |||
| 1309 | char *hlp; | 1309 | char *hlp; |
| 1310 | struct ebt_entry_target *t; | 1310 | struct ebt_entry_target *t; |
| 1311 | 1311 | ||
| 1312 | if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) | 1312 | if (e->bitmask == 0) |
| 1313 | return 0; | 1313 | return 0; |
| 1314 | 1314 | ||
| 1315 | hlp = ubase - base + (char *)e + e->target_offset; | 1315 | hlp = ubase - base + (char *)e + e->target_offset; |